Robert Smith (firstname.lastname@example.org) is Director Business Compliance and Ethics at Serco Group plc in Hook, England.
Swiss cheese was first manufactured as early as 1300 in the West Central ‘Emmental’ region of Switzerland, and it remains the favorite of many due to its rich, delicious taste. The carbon dioxide bubbles created by a bacteria give Swiss cheese its signature holes. These holes also form the basis of James Reason’s Swiss Cheese Model.
Reason’s Swiss Cheese Model was initially developed to illustrate how analyses of major accidents and catastrophes tended to reveal multiple smaller failures that allowed hazards to manifest. Although looking primarily at safety risks, his research indicated that human error was consistently the largest contributor to these failures.
In this model, each slice of cheese represents a barrier, which might prevent a hazard from manifesting into a failure. The theory works on the assumption that no single barrier is foolproof; they all have weaknesses or ‘holes,’ and when the holes are permitted to align, a risk can become a failure. Any component within an organization can be considered a slice in this model. Management is a slice. Allocation of resources is a slice. Internal controls are slices. The elements that make up an effective compliance program—value and tone, risk management, policies and standards, operating procedures, due diligence, training, monitoring, reporting, and review—are all slices. But if there are any deficiencies or flaws and they line up—meaning shared weaknesses are compounded—it creates a single hole throughout your organization that allows for an accident or event.
Reason’s theory was based on several insights:
It is the confluence of multiple factors that most often causes accidents.
Factors can range from unsafe individual acts to organizational errors.
Humans are prone to operational errors that require properly designed systems (strong, well-defined management systems and procedures) to mitigate the errors that humans inevitably commit.
Many contributing factors to an accident are latent errors (i.e., failures built into procedures, systems, buildings, or machines by the designers, builders, writers, or management). For example, ineffective training is a latent compliance error. Such errors lie dormant waiting to be triggered by any number of “active” errors (i.e., unsafe acts committed by people), for example, an employee who fails to follow a defined procedure (which may be due to a lack of understanding due to poor training rather than malicious intent).
From my ethics and compliance experience and related incident investigations, I have yet to see a serious incident that didn’t require half a dozen or more preconditions to all align. Some of these were before the event and some were after, but in every case, any one of several barriers (if it had been effective) could have either reduced the magnitude of consequences or, in many of these cases, completely prevented it.
Swiss cheese theory may look like a simple illustrative tool, but it has profound implications for the way that we manage compliance. In terms of preventing failures, it’s linked to the fundamental idea of protection-in-depth. This means that when we build ethics and compliance programs, its multiple parts need to integrate and support each other. It’s a near certainty that on a long enough timeline, every element of the compliance program will at some point fail or leave vulnerabilities, so the trick is to make sure that they don’t all fail concurrently. When they do, a catastrophic event can occur.